CompTIA Security+ SY0-601 Exam Questions and Answers – Page 2 Part 2

The latest CompTIA Security+ (SY0-601) practice exam question and answer (Q&A) dumps are available free to help you pass the CompTIA Security+ (SY0-601) exam and earn the CompTIA Security+ (SY0-601) certification.

CompTIA Security+ (SY0-601) Exam Questions and Answers

Question 191

Exam Question

Group-based access control in MS Windows environments is an example of:

A. RBAC
B. DAC
C. ABAC
D. MAC

Correct Answer

A. RBAC

Question 192

Exam Question

Which access control model defines access control rules with the use of statements that closely resemble natural language?

A. DAC
B. ABAC
C. MAC
D. RBAC

Correct Answer

B. ABAC

Question 193

Exam Question

In the Kerberos-based authentication process, the purpose of the client’s timestamp is to provide a countermeasure against:

A. Replay attacks
B. Dictionary attacks
C. Birthday attacks
D. Downgrade attacks

Correct Answer

A. Replay attacks

Question 194

Exam Question

Which of the following authentication protocols can be used to enable SSO in Windows-based network environments?

A. PAP
B. LDAP
C. MS-CHAP
D. Kerberos

Correct Answer

D. Kerberos

Question 195

Exam Question

OpenID Connect is a protocol used for:

A. Authentication
B. Authorization
C. Accounting

Correct Answer

A. Authentication

Question 196

Exam Question

What are the characteristics of TACACS+? (Select 3 answers)

A. Encrypts only the password in the access-request packet
B. Combines authentication and authorization
C. Encrypts the entire payload of the access-request packet
D. Primarily used for device administration
E. Separates authentication and authorization
F. Primarily used for network access

Correct Answer

C. Encrypts the entire payload of the access-request packet
D. Primarily used for device administration
E. Separates authentication and authorization

Question 197

Exam Question

An authentication subsystem that enables a user to access multiple, connected system components (such as separate hosts on a network) after a single login on only one of the components is known as:

A. NAC
B. SSO
C. AAA
D. MFA

Correct Answer

B. SSO

Question 198

Exam Question

802.1X is an IEEE standard for implementing:

A. VLAN tagging
B. Token ring networks
C. Port-based NAC
D. Wireless networks

Correct Answer

C. Port-based NAC

Question 199

Exam Question

Challenge Handshake Authentication Protocol (CHAP) is a remote access authentication protocol that periodically re-authenticates the client at random intervals to prevent session hijacking.

A. True
B. False

Correct Answer

A. True

Question 200

Exam Question

During a password reminder procedure, the system asks a security question that covers personal details that should be known only to the user (e.g. the user’s favorite holiday destination). This type of authentication method is an example of:

A. SAE
B. KBA
C. IdP
D. PII

Correct Answer

B. KBA